The pandemic has been an accelerant for digital payments and digital payment fraud globally. Krista Tedder of Javelin and Stu Bradley of SAS discuss recent findings.
Ninety-four percent of cyber threats originate in the inbox, and increasingly fraudsters are plying their trade through impersonation attacks. Mariana Pereira of Darktrace discusses the role machine learning can play in repelling these strikes.
California voters passed Proposition 24, the California Privacy Rights Act, on Nov. 3, which expands upon the recently activated California Consumer Privacy Act specifically when it comes to enforcement and how businesses handle personal data.
Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements. Rackspace tells customers it plans to fix the problem soon.
The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign, according to research from HP-Bromium. During this time, Emotet is mainly infecting devices with the QBot or QakBot banking Trojan.
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
The FBI has issued a flash alert warning that unidentified threat actors are actively targeting vulnerable SonarQube instances to access source code repositories of U.S. government agencies and private businesses.
Brian Brackenborough, CISO, Channel 4, the British television network, and Nick Nagle, CISO, Security Critical, a U.K.-based consultancy company, discuss the lessons learned in 2020 and how they might impact the year ahead, agreeing that 2021 provides an "opportunity for a re-set."
After weeks of rising anxiety, Election Day proceeded in the U.S. with no public indications of interference. But experts say misinformation campaigns are still likely, and there's plenty of time for malicious activity as the vote tallying proceeds.
CISA and Oracle are urging users to apply an emergency patch for a vulnerability in the software giant's WebLogic Server product. This "severe" bug is already under active exploitation and could allow an attacker to run malicious code, security experts say.
Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.
In a notification letter filed to the Montana Department of Justice, precious metal trader JM Bullion has revealed that an unknown amount of customer information has been compromised in a data breach. The security incident took place over a five-month period earlier this year.
Microsoft plans to patch on Nov. 10 a zero-day kernel vulnerability found by Google's Project Zero bug-hunting team. Google released the details of the flaw after a week because attackers are using it in the wild.
The Maze cybercrime gang, which revolutionized the ransomware business by adding an extortion element to each attack, has issued a statement saying it has hung up its spikes and will retire, at least temporarily. Security executives do confirm Maze's activity has dropped off in recent months.
Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis. This same advanced persistent threat group is also the subject of a new joint alert by CISA and the FBI.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.